Friday, August 8, 2014

The fighting between Israel and Hamas during Operation Protective Edge has been severe by any measure; especially as regards to the cost of human lives - over 1,800 Palestinians have been killed in the past 30 days while the IDF has lost 67 soldiers and 3 Israeli civilians [1]. Israel has been using air and ground assaults while Hamas has launched over 3,300 rockets [2].

In comparison, the cyber attacks launched against Israel haven't risen to nearly the same level. They've been nuisance attacks against Israeli government websites [3], rather than technically sophisticated attacks against Israel's critical infrastructure. Hamas has more than enough money to hire hackers with the necessary technical chops. Iran should already have the capability and manpower and they certainly have the money to invest in gaining that capability if they chose to do so. So why hasn't this happened yet? There are a few possibilities:

ONE: ISRAEL HAS SUPERIOR CYBER DEFENSES IN PLACE
I've taken a quick survey of my contacts in the industrial control system community and we all agree that Israel's capabilities to defend its critical infrastructure against cyber attacks are second to none in the world. However, Israel Electric, the state-owned company that generates and distributes electricity throughout the country uses vendors like Siemens whose equipment can be (and has been) exploited by technically sophisticated attackers so the IEC isn't immune to attack; especially against an adversary who has them on their potential targets list.

TWO: HAMAS HAS NOT INVESTED IN OFFENSIVE CYBER WEAPON DEVELOPMENT
Cyber weapons, unlike kinetic weapons, cannot just be used at a moment's notice against any other nation's power grid. It takes advance intelligence, planning, testing and production so that if an attack is imminent, you have the capability to turn out the lights and keep them off. It's unlikely that Hamas has done that. Iran and Syria should be doing that if they aren't already. The U.S. and the PRC have been doing it for years.

THREE: HAMAS HAS TACTICAL REASONS FOR NOT DEPLOYING CYBER WEAPONS
Even if Hamas or its ally Iran has the capability to attack Israel's grid, that may not be their geopolitical goal right now. The number of civilian casualties suffered by the Palestinians in Gaza is garnering a lot of sympathy from other nations which could be leveraged towards Hamas obtaining its goal of a Palestinian state. A technically sophisticated cyber attack against Israel that would leave much of the country without power could instantly change that advantage from a positive into a negative since it would have severe humanitarian consequences. Furthermore, the IEC supplies power to the Gaza Strip so even if Hamas wanted to disrupt Israel's ability to wage war by sabotaging the IEC's ability to distribute electricity, it would be cutting off its own supply of power as well.

Alternatively, the IEC has been officially forbidden by the Israel's National Security Council to interrupt its supply of power and water to Gaza due to probable blow-back by the international community. Tony Blair has reportedly advised Netanyahu not to disconnect any West Bank or Gaza consumers from their electricity supply [4].

In fact, as of Tuesday August 5, IEC workers guarded by IDF forces were repairing portions of Gaza's electric grid that was damaged by rocket fire [5].

So while there may be several answers as to why Hamas has not utilized the asymmetric advantage offered by cyber weapons deployed against critical infrastructure, the best answer is probably that no one wants to be the first to push that particular button against such a large civilian population.

Also for those pundits who have dismissed Iran's cyber warfare capabilities, the only capability that Iran or any nation state needs to acquire this type of weapon is the ability to write a check with a lot of zeros on it.